Bangladesh heist linked to attack on Sony: BAE researchers

Malicious software used in February’s $81 million heist at Bangladesh Bank is linked to other cyber attacks, including the high-profile 2014 attack on Sony’s Hollywood studio, according to a new report from cyber security firm BAE Systems.

“What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign,” BAE’s cyber-security team said in the report it plans to release on Friday.

Reuters was not able to independently verify the report from BAE, which last month released the first public analysis of malware used in the attack on Bangladesh Bank. BAE, which is not one of the security firms that Bangladesh Bank hired to help with forensics, said it found the malware on its own by combing through repositories that collect samples of malicious files.

Similar malware recently was used to target a Vietnamese commercial bank with fraudulent messages from the SWIFT money transfer system, which also was used in the Bangladesh hack, BAE said. The distinctive computer code used to erase the tracks of hackers in the bank attacks was similar to code used to attack Sony.

Sony Pictures Entertainment’s network was virtually shut down in late 2014 with destructive malware. The attack was followed by online leaks of unreleased movies and emails that caused embarrassment to executives and Hollywood personalities.

BAE did not name the Vietnamese bank, but SWIFT, the Brussels-based global financial messaging network, disclosed on

Thursday that malware had been discovered targeting a new commercial bank. Neither firm said whether funds had been stolen. Read more